In the source code of a free storage hosting site I noticed a code to be invoked when pressing a javascript button. There is no reason to the action to be encrypted, so I think a lot about malicious coding, worms, and so on...

The action is to start the upload of a selected file in the user's computer to the free storage site, at a folder assigned to the user.

As soon I asked the site owner what was the purpose of such code, the web page was modified, and the code deleted. Unfortunately I didn't captured the whole page source, just the tag.

Actually I would like to track the following actions after pressing the button, as you suggest, mainly because the owner of such site posted a question here in EE, asking the experts to upload a file to test the interactivity.

Free storage area + a site with no banners or advertising popups or sponsors + www.something.nu + encrypted code = suspicious thing. If the source is edited after my question = much more suspicious. But I don't want to accuse someone based only in assumptions that can be wrong or mere paranoia.

I'm trying to find, in temporary files, the former page. If I find it, I'll post a new question. By now I will be happy if I can understand how dangerous, in potential and generalizing, could be specifically this kind of code (input type="hidden" name="encrypted" value="-----BEGIN PKCS7---) and something about the mechanism of installing, by using such code, malicious programs in the user's PC.

the value= attribute could contain anything, even malicious code for whatever you could imagine
But as long as you don't have enabled any active scripting in your browser, it's just data of the web page, nothing to think about, not a security problem anyhow.